Passwordless auth #409

Closed
KidkArolis opened this Issue Jan 27, 2017 · 6 comments

KidkArolis commented Jan 27, 2017

Hi,

I'm about to deep dive into implementing a passwordless auth flow and was wondering if you had any starting pointers, tips or code snippets off the top of your head that would speed things up for me. I want:

  1. "Login" link shows email input if no session is present
  2. Submitting email sends a 1 hour login token
  3. Clicking the link logs the user in for 30 days

That's it. Does feathers-auth make any assumptions about the presence of a password? Am I better off implementing this flow completely from scratch, or is feathers-authentication/feathers-authentication-management useful?

Feel free to close this issue since it's not really an issue.

Member

marshallswain commented Jan 27, 2017

Only that feathers-authentication-management ought to help with putting this together.


buildog commented Feb 1, 2017

@ekryski, @marshallswain any feathers-authentication-management example for SMS (#7) (short token) would be valuable too. I'm not sure that would work, as from the doc:

> The user must be identified when the short token is used, making the short token less appealing as an attack vector.


Viskazz commented Feb 25, 2017

This is not a big deal to make by hand. node-mailer can easily be used for transport. I'd like to store the user schema in Mongo with email, sendedAt, verifiedAt, validBefore:Number, validateLink records.
validateLink is just an ObjectId auto-generated by Mongo; send it to the user (with salt) and then compare expiriedBefore < verifiedAt - sendedAt
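
An added sketch of the three-step flow from the original question (not code from this thread or from feathers-authentication-management): a one-hour, single-use login token and a 30-day session expiry. It uses a 32-byte token from `crypto.randomBytes` in place of an ObjectId and stores only its SHA-256 hash; the in-memory `pendingLogins` map and the function names are assumptions standing in for a real user store.

```javascript
const crypto = require('crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000;              // login link valid for 1 hour
const SESSION_TTL_MS = 30 * 24 * 60 * 60 * 1000;  // session valid for 30 days

// Hypothetical in-memory store keyed by email; stands in for the users collection.
const pendingLogins = new Map();

const sha256 = (value) => crypto.createHash('sha256').update(value).digest();

// Step 2: create a one-time token for the submitted email.
// Only the hash is stored, so a leaked database does not yield usable links.
function issueLoginToken(email, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  pendingLogins.set(String(email).toLowerCase(), {
    tokenHash: sha256(token),
    expiresAt: now + TOKEN_TTL_MS,
  });
  return token; // placed in the emailed link together with the email address
}

// Step 3: verify the clicked link; returns the session data, or null on failure.
function redeemLoginToken(email, token, now = Date.now()) {
  const key = String(email).toLowerCase();
  const entry = pendingLogins.get(key);
  if (!entry) return null;
  // Both buffers are 32-byte digests, so timingSafeEqual never throws on length.
  const matches = crypto.timingSafeEqual(entry.tokenHash, sha256(String(token)));
  if (!matches) return null;
  pendingLogins.delete(key);               // single use; also clears expired tokens
  if (now > entry.expiresAt) return null;  // link older than 1 hour
  return { email: key, sessionExpiresAt: now + SESSION_TTL_MS };
}
```
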

Member

ekryski commented Jul 24, 2017

This is definitely doable. You can either do it custom as @Viskazz described or use feathers-authentication-management. Visit the repo for links to guides and docs.

So I think we're pretty covered here. Going to close to keep issues triaged and current.

ekryski closed this Jul 24, 2017

Member

daffl commented Aug 18, 2017
